import win32security

import ntsecuritycon as con

FILENAME = "c:\\logs\\screen.exe"

userx, domain, type = win32security.LookupAccountName("", "admin")

sd = win32security.GetFileSecurity(FILENAME, win32security.DACL_SECURITY_INFORMATION)
dacl = sd.GetSecurityDescriptorDacl()
ace_count = dacl.GetAceCount()
for i in range(0, ace_count):
    rev, access, usersid = dacl.GetAce(i)
    user, group, type = win32security.LookupAccountSid('', usersid)
    print('User:{} {}/{}'.format(type, group, user), rev, access)

dacl.AddAccessDeniedAce(win32security.ACL_REVISION,
                        con.FILE_GENERIC_WRITE | con.FILE_GENERIC_READ | con.FILE_GENERIC_EXECUTE | con.FILE_ALL_ACCESS,
                        userx)

sd.SetSecurityDescriptorDacl(1, dacl, 0)
win32security.SetFileSecurity(FILENAME, win32security.DACL_SECURITY_INFORMATION, sd)

dacl.DeleteAce(0)
